|The management of risk in banks and other financial institutions could be significantly enhanced with the aid of a new code for internal auditors published in July 2013 by the Chartered Institute of Internal Auditors (IIA). |
In line with the recent report of the Parliamentary Commission on Banking Standards, which calls for improvements to internal audit's ability to flag its concerns about the management of risks as one element in improving the governance and behaviour within banks, the new code aims to improve the overall effectiveness of the internal audit function, helping it play a more active role in preventing future problems in the financial service sector.
The new code will provide UK financial services firms with a sector-specific benchmark against which boards and regulators can assess the effectiveness of their internal audit functions.
To boost internal audit's role the new code states that the Chief Internal Auditor should have sufficient standing and authority to challenge the Executive - a particular area of concern raised by the Banking Standards Commission's report - and communicate its concerns to the Board via the appropriate Board Committees.
Key recommendations in the code are:
The new code builds on the IIA's existing International Standards for best practice internal audit and responds to concerns of many including the financial services regulators, that expectations of internal audit have been too low. The new Code takes account of guidance issued last year by the Basel Committee and earlier this year by the US Federal Reserve Bank.
- The scope of internal audit should be unrestricted so that internal auditors are able to assess the management of any risk in any part of the business
- Internal audit should assess whether the organisation's processes and actions are in line with its values, ethics, risk appetite and other policies
- In order to maximise its independence and objectivity, the primary reporting line of internal audit should be to the chair of the audit committee
- Internal audit should be adequately resourced, skilled and quality assured.
The code has been produced by an independent committee established by the IIA and chaired by Roger Marshall, Audit Committee chair at FTSE 100 insurer Old Mutual, with representation and observers from leading banks, insurers, the Financial Conduct Authority, the Prudential Regulation Authority and the Bank of England.
Dr Ian Peters, Chief Executive of the Chartered Institute of Internal Auditors said, "The Institute is adopting the new code in full and commends it to boards, senior executives and internal audit practitioners.
"The new code gives internal audit the potential to play a much more significant role in supporting better management of risk in financial services organisations. The importance of this role is recognised by the Banking Standards Commission and others, including the financial services regulators, who see the need to strengthen internal audit's independence, role and scope."
Roger Marshall said, "We have created a code that establishes principles that can be applied in a manner appropriate to firms of all sizes and complexity across the UK financial services sector.
"Many of the recommendations within the code can only be implemented by boards, audit committees and executive management. A key aim of this new code is to encourage boards to ensure internal auditors have a wide view across the range of risks within their organisations. The code also gives guidance to enable internal audit to exert greater influence in ensuring that those risks are managed effectively, across the whole financial services sector."
The code was finalised after an extensive consultation programme. Over 100 submissions were received from industry and other parties in response to the call for comments. The final code reflects the views of a wide range of stakeholders, and internal audit practitioners.
Download the code